Siemens Fixes Critical Vulnerabilities in WinCC SCADA Products

Siemens has released software updates to address two critical vulnerabilities in its SIMATIC WinCC supervisory control and data acquisition (SCADA) system, one of which could be exploited remotely by an unauthenticated attacker.

The German industrial products giant has also released software updates for WinCC, PCS 7 and TIA Portal products, and said that it is working on additional updates for other versions of the affected products.

SIMATIC WinCC is used to monitor and control physical processes involved in industry and infrastructure, and is often used in industries such as oil and gas, chemical, food and beverage, water and wastewater. PCS 7 is a distributed control system (DCS) integrating SIMATIC WinCC, and TIA Portal is the company’s engineering software used for SIMATIC products.

The first vulnerability (CVE-2014-8551) within WinCC is rated as critical, with a CVSS Base Score of 10.0. The flaw could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server, according to the security advisory from Siemens ProductCERT published Nov. 21.

The second vulnerability (CVE-2014-8552), also in a component within WinCC, could allow an unauthenticated attacker to extract arbitrary files from the WinCC server by sending specially crafted packets to the server. However, in order to exploit this flaw, the attacker must have network access to the affected system, Siemens said.

While Siemens prepares additional software updates, the company’s ProductCERT team suggests that customers mitigate the risk to their systems by implementing the following steps:

• Always run WinCC server and engineering stations within a trusted network

"ICS-CERT has determined that users of HMI products from various vendors have been targeted in this campaign, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC," according to the advisory. "It is currently unknown whether other vendor’s products have also been targeted."

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.